ciberseguridadfandomcom_es-20200214-history
Cross-Site-Scripting
Escribe aquí el primer párrafo de tu artículo. =Cross-Site-Scripting or XSS= thumb In this day all the people around the world uses the internet to interact with others persons, to pay bills or just to entertainment their self. The Internet has become a daily use to all the people, because it helps us to do work or teach people. We see the Internet everywhere, schools, airplanes, hospitals, restaurants, etc. But did you know that everything has two faces and that all the information that is on the Internet can be stolen by anyone who has knowledge about computer security, can simple steal your identity or money from you??? The Internet can be used for a good purpose or for a bad one. In this days the crimes are committed on the Internet and not by person. How about if I tell you that you’re not secured even if you have the latest antivirus. That’s right, almost all the information that is on the Internet is not secure and today I’m going to explain one of a lot of attacks that are running every day in the Internet. Let’s start with something simple. What’s Cross-site-scripting?? Cross-site-scripting (XSS) is a security exploit in which the attacker inserts malicious coding into a link that appears to be from a trustworthy source. An when someone clicks on the link, the embedded programing is submitted as part of the client’s Web requested and can be execute on the user’s computer, allowing the attacker to steal information from the victim. There are many ways that the attacker may send you the code. One of the popular ones is that they insert the code in a link that is sent to a victim from a trusted source an when the victim click on the link the attacker may have access to the computer of the victim without the victim noticed. There are different types of attacks but I’m just going to talk about two. thumb Stored XSS Attacks Stores attacks are those where the injected script is permanently stored on the target serves, like in the database, in a message on a forum, visit log, etc. The victim then retrieves the malicious script from the server when they request the stored information. Reflected XSS Attacks Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. This attacks are delivered to victims via other route, such as in an e-mail message, or on some other web site. When the person clicks on the malicious link, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser. Then the browser executes the code because it came from a “trusted server”. After you read this you will be like, how can I protect myself from this attacks?? Some of my recommendation to all the people that don’t know anything about computer security is that don click on something that offers you a cellphone or anything else. Because you never know if that link has a malicious code in it. Don’t answer suspicious e-mails from persons that you don’t know. Because you never know what can be on it. Does are my recommendations for you so that you don’t fall in this treats. References. · https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet · http://www.technicalinfo.net/papers/CSS.html · http://www.technicalinfo.net/papers/CSS.html · http://www.technicalinfo.net/papers/CSS.html · http://www.technicalinfo.net/papers/CSS.html